A security warning issued for the Linux kernel has received an update from the BSI. Here you can find a description of the security holes, together with the latest updates and information about the affected operating systems and products.
The Federal Office for Information Security (BSI) published an update on May 21, 2024 to a security advisory covering multiple vulnerabilities in the Linux kernel that became known on August 25, 2019. The security vulnerability affects the Linux operating system and the products Debian Linux, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle VM and Open Source Linux Kernel.
The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3138 (as of 22 May 2024). Further useful resources are listed later in this article.
Multiple Linux kernel vulnerabilities – Risk: medium
Risk level: 3 (medium)
CVSS Base Score: 6.5
CVSS Temporal Score: 5.7
Remote attack: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores additionally take into account changes over time in the risk situation. The severity of the current vulnerability is classified as "medium" according to the CVSS, with a base score of 6.5.
Linux Kernel Bug: Description of the attack
The kernel is the core of the Linux operating system.
A remote, authenticated or local attacker can exploit multiple vulnerabilities in the Linux kernel to cause a denial of service, disclose information, and carry out unspecified attacks.
The vulnerabilities are classified under the CVE (Common Vulnerabilities and Exposures) designation system by their individual serial numbers CVE-2019-15504, CVE-2019-15505 and CVE-2019-15538.
Systems affected by the security hole at a glance
Operating system
Linux
Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle VM (cpe:/a:oracle:vm)
Open Source Linux Kernel
General steps for dealing with IT security gaps
- Users of affected systems should keep them up to date. When security holes become known, vendors are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
- For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
- If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check whether the vendors affected by this IT security alert have released a new security update.
Sources for updates, patches and workarounds
Here you will find references with information about bug reports, security fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3138 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2950 dated 2024-05-22 (21.05.2024)
ORACLE OVMSA-2020-0044 dated 2020-10-09 (11.10.2020)
Red Hat Security Advisory RHSA-2020:2104 dated 2020-05-12 (12.05.2020)
Debian Security Advisory DLA 2131 dated 2020-03-05 (05.03.2020)
Debian Security Advisory DLA 2068 dated 2020-03-02 (02.03.2020)
SUSE Security Update SUSE-SU-2019:2984-1 dated 2019-11-16 (17.11.2019)
SUSE Security Update SUSE-SU-2019:14218-1 dated 2019-11-13 (13.11.2019)
SUSE Security Update SUSE-SU-2019:2950-1 dated 2019-11-13 (12.11.2019)
SUSE Security Update SUSE-SU-2019:2949-1 dated 2019-11-13 (12.11.2019)
SUSE Security Update SUSE-SU-2019:2756-1 dated 2019-10-24 (23.10.2019)
Ubuntu Security Notice USN-4163-2 dated 2019-10-23 (22.10.2019)
Ubuntu Security Notice USN-4162-2 dated 2019-10-23 (22.10.2019)
SUSE Security Update SUSE-SU-2019:2738-1 dated 2019-10-22 (22.10.2019)
Ubuntu Security Notice USN-4157-2 dated 2019-10-22 (21.10.2019)
Ubuntu Security Notice USN-4162-1 dated 2019-10-22 (21.10.2019)
Ubuntu Security Notice USN-4163-1 dated 2019-10-22 (21.10.2019)
Ubuntu Security Notice USN-4157-1 dated 2019-10-17 (16.10.2019)
SUSE Security Update SUSE-SU-2019:2658-1 dated 2019-10-15 (14.10.2019)
SUSE Security Update SUSE-SU-2019:2651-1 dated 2019-10-14 (14.10.2019)
SUSE Security Update SUSE-SU-2019:2648-1 dated 2019-10-12 (13.10.2019)
Ubuntu Security Notice USN-4147-1 dated 2019-10-04 (06.10.2019)
Ubuntu Security Notice USN-4144-1 dated 2019-10-01 (30.09.2019)
SUSE Security Update SUSE-SU-2019:2424-1 dated 2019-09-21 (22.09.2019)
SUSE Security Update SUSE-SU-2019:2412-1 dated 2019-09-20 (22.09.2019)
SUSE Security Update SUSE-SU-2019:2414-1 dated 2019-09-20 (22.09.2019)
National Vulnerability Database CVE-2019-15538 dated 2019-08-25 (25.08.2019)
National Vulnerability Database CVE-2019-15505 dated 2019-08-25 (25.08.2019)
National Vulnerability Database CVE-2019-15504 dated 2019-08-25 (25.08.2019)
Version history of this security alert
This is version 21 of this IT security notice for the Linux kernel. This document will be updated as further updates are announced. You can follow changes or additions in this version history.
August 25, 2019 – First version
August 29, 2019 – References added: FEDORA-2019-4C91A2F76E
September 1, 2019 – References added: FEDORA-2019-97380355AE
September 22, 2019 – New updates from SUSE added
September 30, 2019 – New updates from Ubuntu added
October 6, 2019 – New updates from Ubuntu added
October 13, 2019 – New updates from SUSE added
October 14, 2019 – New updates from SUSE added
October 16, 2019 – New updates from Ubuntu added
October 21, 2019 – New updates from Ubuntu added
October 22, 2019 – New updates from SUSE added
October 22, 2019 – Version not available
October 23, 2019 – New updates from SUSE added
November 12, 2019 – New updates from SUSE added
November 13, 2019 – New updates from SUSE added
November 17, 2019 – New updates from SUSE added
March 2, 2020 – New updates from Debian added
March 5, 2020 – New updates from Debian added
May 12, 2020 – New updates from Red Hat added
October 11, 2020 – New updates from ORACLE added
May 21, 2024 – New updates from Red Hat added
+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++
kns/roj/news.de